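For penetration tests I usually use subDomainsBrute, written by lijiejie, to brute-force subdomains.
Once the brute force finishes, I want to collect the site's C-segment (/24) information.
Ping An is used as the example below.
The brute force returned each subdomain together with the IP address or addresses it resolves to, one subdomain per line.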
I wrote a Python script for this; entries where one domain maps to several IPs are discarded.
#coding=utf-8
import re
from sys import argv

__author__ = "depycode"

def getC(ipList):
    # Reduce each public IPv4 address to its /24 prefix ("a.b.c.") and de-duplicate
    resiplist = []
    for i in ipList:
        # Skip loopback and RFC 1918 private addresses (172.16.0.0/12 only, not all of 172.x)
        if i.startswith("127.") or i.startswith("192.168.") or i.startswith("10.") or re.match(r"172\.(1[6-9]|2\d|3[01])\.", i):
            continue
        ip = re.match(r"\d+\.\d+\.\d+\.", i)
        if ip is None:
            continue  # not a dotted-quad address
        resiplist.append(ip.group(0))
    resiplist = list(set(resiplist))
    return resiplist

def saveC(ipList, f):
    # Write hosts .1 to .255 of every /24 prefix, one address per line
    for i in ipList:
        for j in range(1, 256):
            f.write(i + str(j) + "\n")
    f.close()

if __name__ == "__main__":
    if len(argv) != 3:
        print("usage:./script.py sub.txt res.txt")
        exit()
    f1 = open(argv[1], "r")
    f2 = open(argv[2], "w+")
    lis = f1.readlines()
    iplist = []
    for i in lis:
        s = i.split()
        # Keep only "hostname ip" lines; a hostname with several IPs is discarded
        if len(s) == 2:
            iplist.append(s[1])
    reslist = getC(iplist)
    saveC(reslist, f2)
    print(reslist)
    print("success save to %s" % str(argv[2]))
    f1.close()
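An added example, not part of the original script: it goes one step further by keeping hostnames that resolve to several IPs and recording which hostnames fall into each /24, so a segment that holds a single hostname (often shared hosting or a CDN, and therefore usually outside an authorized scope) stands out before anything is swept. The function names, the `SKIP` list and the sample data (example.com with documentation address ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Loopback and RFC 1918 ranges never belong in an external scope list.
SKIP = [ipaddress.ip_network(n) for n in
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the "hostname ip[, ip ...]" format the script reads
# (example.com and documentation address ranges, not real scan output).
SAMPLE = """\
www.example.com 203.0.113.13
member.example.com 203.0.113.18
mail.example.com 198.51.100.81
download.example.com 192.0.2.56, 192.0.2.200, 198.51.100.15
localhost.example.com 127.0.0.1
intra.example.com 172.20.1.5
broken.example.com not-an-ip
"""

def hosts_by_c_segment(text):
    """Map each public /24 to the set of hostnames that resolve into it."""
    segments = defaultdict(set)
    for line in text.splitlines():
        fields = line.replace(",", " ").split()
        if len(fields) < 2:
            continue
        host = fields[0]
        for token in fields[1:]:
            try:
                addr = ipaddress.IPv4Address(token)
            except ValueError:
                continue  # malformed address: skip this token only
            if any(addr in net for net in SKIP):
                continue
            net = ipaddress.ip_network("%s/24" % addr, strict=False)
            segments[str(net)].add(host)
    return dict(segments)

def rank_segments(segments):
    """Return (network, hostnames) pairs, the /24 with the most hostnames first."""
    return sorted(((net, sorted(h)) for net, h in segments.items()),
                  key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for net, hosts in rank_segments(hosts_by_c_segment(SAMPLE)):
        print("%-18s %d  %s" % (net, len(hosts), ", ".join(hosts)))
```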
The script is simple to use:
python test.py test.txt res.txt
The result is as follows: